from the protecting-your-privacy dept

Oh those wacky US Marshals. As you may have heard, they recently began to auction off the Bitcoins seized when Silk Road was shut down (though, some may argue it's a little early given that the trial over the site hasn't happened yet). However, the US Marshals then pulled off one of the oldest email errors around, including the list of possible bidders in the "cc:" field instead of the "bcc:" field. This is like a 1990s-era mistake. The Marshal Service has apologized, noting that the email was just sent to people who had emailed in questions about the auction (so, not necessarily bidders), but it still seems like a pretty big faux pas.

from the urls-we-dig-up dept

Maybe you've been following a sport called football (not soccer!) recently. You wouldn't be alone. The World Cup has an audience size of nearly a billion people, roughly nine times the audience that watches the Super Bowl (or the whatever-you're-allowed-to-call-it "big game"). But for those of you not really interested in watching these soccer football matches, here are some links on the technology behind various game balls.

Soccer ball designs have changed quite a bit since the 1920s. The Telstar Durlast ball from the 1970 World Cup is the buckyball shape that was designed to be more visible on black & white TVs. The newest ball designs have far fewer panels and seams, and they need to be tested to make sure the aerodynamics aren't too different from previous balls. [url]

The first basketball was actually a soccer ball. Before the 1940s, the technology to make an inflatable ball without laces didn't exist, so it wasn't until after basketballs could be molded for a smooth surface (without laces), that dribbling became a major part of the sport. [url]

from the bs-indeed dept

It seems that many in the anti-piracy world are moving up the chain a bit in their quixotic fight against anything they feel must be illegal (even if it's not). From targeting the sites directly, to then focusing on hosting firms, they're now going directly to registrars and ordering them to pull domain names or face liability. And while many of the better web hosts have learned to be familiar with the law here, many registrars are confused (thankfully, there are a few exceptions).

The latest example of a registrar folding the second someone freaked out is the aptly named Internet BS (or Internet.bs), which apparently suspended Bittorrent.pm's domain, after a company called Rico Management claimed it was hosting infringing files. Of course, it's not hosting any infringing files, because it's an index site, rather than a hosting site. Rico complained, and Internet BS told the site's administrators that it had to take action or face liability, and then it also complained that Bittorrent.pm didn't have a contact page on its website. Of course, as Torrentfreak notes, there's some irony in the fact that the complaining company, Rico Management, doesn't even seem to have a website at all, let alone official contact information.

Either way, the idea that a registrar might be liable for infringement stretches the bounds of secondary liability to ridiculous lengths. Remember, the direct infringement is done by end users. At best, Bittorrent.pm might be found for secondary liability. You could argue that its hosting provider might have (already ridiculous) tertiary liability, meaning the registrar would be at the level of quaternary liability, which is taking the concept of third party liability to extreme and ridiculous levels. And, of course, that doesn't even get into the fact that neither Bittorrent.pm nor Internet BS are in the US, and yet Internet BS seemed to be relying on an extremely strained reading of the US's DMCA to make this argument.

If there's actual infringement going on, the focus should be on holding those actually responsible liable, not twisting liability rules to make everyone else potentially liable. When you go down that path, you guarantee easy and widespread stifling of perfectly legitimate speech and innovation.

from the adding-more-tentacles-to-the-octopus dept

Another set of leaked NSA documents has been posted in a team effort by The Intercept and Danish newspaper Dagbladet. This one deals with the NSA's RAMPART-A program, a surveillance effort that depends on the cooperation of involved countries to be successful. As the NSA has always made an effort to point out, its interception of foreign communications is both completely legal and the sort of thing people would expect a national security agency to be doing. (Although, on the latter part, people would normally expect the agency to be doing a little targeting along with the interception, but that's really never been the case across the ocean or domestically.)

It has already been widely reported that the NSA works closely with eavesdropping agencies in the United Kingdom, Canada, New Zealand, and Australia as part of the so-called Five Eyes surveillance alliance. But the latest Snowden documents show that a number of other countries, described by the NSA as “third-party partners,” are playing an increasingly important role – by secretly allowing the NSA to install surveillance equipment on their fiber-optic cables.

The NSA documents state that under RAMPART-A, foreign partners “provide access to cables and host U.S. equipment.” This allows the agency to covertly tap into “congestion points around the world” where it says it can intercept the content of phone calls, faxes, e-mails, internet chats, data from virtual private networks, and calls made using Voice over IP software like Skype.

From what's been gathered here, it appears that the NSA has at least 70 interception points where it harvests communications from overseas cables. But it can't do it alone. It needs the assistance and permission of the affected countries. So, everyone plays nice and pretends they won't use the intercepts to harvest domestic communications and receive vague assurances in return that others won't use the taps to grab each other's communications.

The partnership deals operate on the condition that the host country will not use the NSA's spy technology to collect any data on U.S. citizens. The NSA also agrees that it will not use the access it has been granted to collect data on the host countries' citizens.

But if everyone meant what they said, no one would be grabbing anything. Snowden explains how it actually works.

"An EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn't search it for Danes, and Germany may give the NSA access to another on the condition that it doesn't search for Germans," Snowden said.

"Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements."

Presumably, partnering countries do the same sort of workaround, grabbing communications in transit from points located outside of the areas where these "promises" to respect each participant's local communications are in effect. And the NSA (and again, presumably other national security agencies) doesn't even necessarily limit itself to this loophole. Other operations tap into these lines "without the consent or knowledge of the countries that host the cables, or are operated from within the United States with the assistance of American telecommunications companies that have international links."

Because any revelation of domestic spying or NSA partnerships would cause problems back home, partnering countries ask for something in return for allowing the NSA to access its cables: namely, the use of NSA surveillance equipment in order to better siphon off the communications they all promised each other they weren't taking.

The Intercept's article names both Denmark and Germany as being fully complicit with the NSA's RAMPART-A. Germany's mutually-assured-surveillance pact with the NSA seems to be in full force, which explains the hilariously muted "we promise to investigate spying" statement weakly delivered a short while ago -- the same one that was hastily amended to "well, we're just going to look into that thing with Angela Merkel's phone." An honest investigation likely would have uncovered plenty of domestic surveillance along with the ongoing complicity of Germany's intelligence services. So, the sort of spying we would almost expect -- on other national leaders -- will get a cursory inspection, while the sort of widespread surveillance of German citizens will be back-burnered and forgotten.

But all this spying is, again, perfectly acceptable, according to the NSA spokesperson:

"The fact that the U.S. government works with other nations, under specific and regulated conditions, mutually strengthens the security of all," said NSA spokeswoman Vanee’ Vines.

SPYING MAKES THE WORLD STRONGER. (Available on coffee mugs and T-shirts at the NSA gift shop.)

"NSA's efforts are focused on ensuring the protection of the national security of the United States, its citizens, and our allies through the pursuit of valid foreign intelligence targets only."

Apparently, there's no way to determine "valid targets" until after you've swept up all the data and communications. The NSA again pretends it runs targeted spycraft, ignoring the fact that its own slides tout the massive amount of communications it can access.

RAMPART-A enables the NSA to tap into three terabits of data every second as the data flows across the compromised cables…

The NSA is drinking straight from the fire hose. Sure, it can't feasibly "collect it all" when faced with this massive amount of data, but with multiple programs in place, it's doing everything it can to swallow a great deal of it. But underneath all of the NSA's efforts lies a platform built by complicit nations -- nations that have also bought into the "spying = security" belief system.

from the the-loophole-is-a-superhighway dept

As was noted here earlier, the FBI took a bold step in towards joining the 21st century by finally implementing audio and video recording hardware introduced in the 20th century. Up until this point, the FBI, along with the DEA and ICE, did not record in-custody interrogations using anything more up-to-date than pen-and-paper. This rendered recollections of interrogations completely suspect, prone to pen-wielder bias and the insertion and removal of context as needed, presumably in order to help secure more convictions for the FBI's entrapment counterterrorism task force.

And, as was also noted, the DOJ's new instructions provided plenty of escape hatches for agents who wished their interrogations to remain as analog as possible. Unrecorded interrogations can still be performed in the event that desirable recording equipment (i.e., a cellphone) isn't available or if the equipment available isn't functioning (batteries missing/unplugged/inadvertently smashed to pieces…).

First, there's the "public safety" exception, which can be triggered when exigent circumstances make unrecorded and (un-Mirandized) interrogations a necessity. These would be questionings normally done in the first few moments of an arrest. But with everyone carrying around a recording device, that exception no longer makes much sense. You no longer have to take a suspect "downtown" in order to record a questioning. The inclusion of this loophole is likely borrowed from pre-existing language, but all it does is create reasons not to record.

[S]ince recording is no longer impracticable, why wouldn't a responsible law enforcement agency want to preserve an unambiguous record? Unlike a public safety exception to Miranda, a public safety exception to recording seems to serve no purpose other than that of affording a loophole that can be exploited for illicit purposes.

The other loophole is much, much larger. It's predicated on the same rationale that has allowed the Constitution to be selectively scrapped over the past dozen years.

The same point applies with even greater force to the exceptions for “national security” and “intelligence, sources, or methods.” If recording is feasible (and that is the only condition in which the recording policy applies), national security and counterterrorism officials can only gain by having an unambiguous record of precisely what a suspect was asked and precisely how he or she answered. Indeed, an official who deliberately chose not to make and preserve a clear record of a national security interrogation would display less dedication than incompetence.

As Schulhofer points out, this exception plays right into the mindset of the FBI, which has refashioned itself into the nation's largest counterterrorism force (putting law enforcement on the back burner). This also plays right into every law enforcement and intelligence agency's fetishization of "intelligence, sources or methods." This is what's conjured up to justify refusals of FOIA requests and to keep new surveillance methods out of the public eye for as long as possible. It's what's used to deny access to returned warrants on closed cases. But for the FBI, it's also a reason to never record anything, just in case. The FBI's intertwined relationship with the NSA -- combined with the last year of leaked documents -- will make any agent extremely wary about leaving behind undisputed records of intelligence-related interviews. But all this will do is make these agencies even more insular and untrustworthy than they already are.

No national security establishment can possibly operate effectively on the basis of unwritten knowledge and word of mouth. If our government has reacted to the Snowden affair by developing an aversion to writing anything down, we are in deep trouble.

"Deep trouble" is where we're headed, if we're not there already. The DOJ has given the FBI, DEA and ICE huge exceptions to the recording policy -- which, it must be noted, aren't actually commands but a "presumptions" -- ones that are particularly prone to exploitation. Over the past decade, we've seen the government exploit the fear of "the next 9/11" to expand power and contract civil liberties. Government agents may now have to act under the "presumption" that custodial interviews will be recorded, but the DOJ has given them a handy list of excuses to use when these recordings fail to happen.

Pennsylvania man Anthony Elonis has historically enjoyed saying outrageous things on Facebook, such as how he would like to murder his estranged wife; shoot up an elementary school; sneak into an amusement park he was fired from to wreak havoc; slit the throats of a female co-worker and a female FBI agent; and use explosives on the state police, the sheriff's department, and any SWAT team that might come to his house. Elonis has never actually done any of these things, but he did spend the last three and a half years in prison for saying that he would. This week, the Supreme Court said it's going to re-examine the case, meaning we'll get a federal decision on whether threats made online need to be made seriously to send the threat-maker to jail, or just need to be taken seriously by a reasonable person threatened.

Elonis' argument is that his threats were just "rap lyrics" intended to be read by only his friends. He also argues he never targeted anyone (ex-wife, schools, FBI) with these comments (specifically pointing to the fact that he never "tagged" any of his "targets" using Facebook's notification system) and that the supposed threats were taken out of context -- that context being that Elonis was known for posting outrageous comments.

The lesson here seems to be that seeking negative attention from the internet also tends to net you additional attention from law enforcement, especially if your background isn't exactly clean. Elonis apparently harassed coworkers to the point of being fired from an amusement park job and some Facebook comments fantasizing/threatening violence towards his ex-wife prompted a real-life restraining order.

One of the problems with Elonis' case is that it asks the Court to find in favor of a very unsympathetic individual. It also asks it to ignore the objective standard so many courts have used and begin applying a subjective standard -- something more aligned with the reality of internet communication. There are other cases out there with more sympathetic protagonists, like Justin Carter, a teen who was arrested and thrown in jail (and held with a $500,000 bail) over some post-video game trash talking that included a mention of shooting up a school. To make the case against Carter, the comment was stripped of its context and presented as the teen's sincere desire to kill schoolchildren.

Social media interactions, when robbed of context, can often appear to be much more dangerous than they actually are. Simply holding that the reasonable person would view one specific comment or post as threatening hurts not only seemingly more "dangerous" people like Elonis, but also those who never truly uttered a threat (like Justin Carter). Since we can't expect the theoretical "reasonable person" to have access to the surrounding context, we expect the court to consider this along with the reasonable person's point of view.

It has long been known that people are more willing to say divisive and controversial things on the internet -- stuff they certainly wouldn't say in person. To hold these interactions to a "reasonable person" standard ignores the fact that the internet isn't particularly known for "reasonable" interactions. There's likely no "bright line" to be found here. Not everything threatening said online should be treated as a threat, but on the other hand, the tendency of internet interactions to be more exaggerated than those in real life shouldn't be used as a shield against criminal charges.

Hanni Fakhoury, a lawyer for the Electronic Freedom Foundation, makes a very good point -- one that could head off a lot of high-level court discussions over the "reasonable person" viewpoint.

Fakhoury says threats made online should be where police investigations start, not where prosecutions start.

"We've tolerated stupid speech a long time in this country, and we shouldn't let the Internet shake that balance," says Fakhoury. "We need a holistic approach to problems, not just, 'If you say a threat on the Internet, you're going to jail.'"

As we've often stated here, supposed threats should very definitely be investigated. But these investigations not only need to take into account whether the person has the means to carry them out, but also the surrounding context. It's simply not enough to declare something a threat because someone felt threatened -- a word some people deploy when they actually mean "appalled" or "offended." But that's often how these prosecutions start -- a very subjective situation which is only held to a supposedly objective viewpoint long after someone's already been jailed and gone to trial.

Ex-IRS official Lois Lerner's crashed hard drive has been recycled, making it likely the lost emails of the lightening rod in the tea party targeting controversy will never be found, according to multiple sources.

"We've been informed that the hard drive has been thrown away," Sen. Orrin Hatch of Utah, the top Republican on the Finance Committee, said in a brief hallway interview.

Citizens, the burden of proof lies on you when the IRS starts asking questions. You retain these records or bear the consequences. When the IRS loses two years of email, it simply rehashes what happens, shrugs its shoulders and waits for the NSA's Glomar on Lois Lerner's email metadata.

On one hand, at the point it was thrown away, those currently being investigated by Congress probably had no idea the emails contained would be requested two years later. On the other hand, the agency has the specific duty to retain this information to remain in compliance with federal public records regulations. Scrapping a hard drive doesn't sound like the move of an agency interested in maintaining public records.

Lerner's crashed hard drive was subpoenaed by Darrell Issa and computer forensics experts were fairly certain they could recover the data from the drive. But the drive no longer exists and it appears the IRS never made an effort to recover anything IRS-related from the drive.

It was nice to meet you this morning -- although I would have preferred it was under different circumstances. I'm taking you up on your offer to try and recapture my lost personal files. My computer skills are pretty basic, so nothing fancy -- but there were some documents in the files that are irreplaceable. Whatever you can do to help, is greatly appreciated…

As Hinderaker points out, Lerner seems dismayed to have lost some personal files, but is completely unconcerned that years of emails may have been destroyed as well.

It is remarkable that Lerner does not say: "Oh no! My hard drive crashed, and the IRS's only copy of two years' worth of my highly important work has been lost!" No: she is concerned about "my lost personal files," because "there were some documents in the files that are irreplaceable." That is a clearly stated and entirely reasonable concern, but it has nothing to do with losing the agency's only record of two years of work.

As more details come out, the IRS is looking worse and worse. But these additional details are pushing the perception more into the "expected bureaucratic incompetence" area, rather than towards "large-scale conspiracy to destroy evidence."

Still, the agency's long-standing practice of taping over previous backups and pitifully small amounts of email storage doesn't exactly evoke confidence in the IRS's ability to maintain public records. That whatever effort was actually made to recover data from Lerner's crashed computer seems to have revolved around "personal" files makes this situation even worse. The IRS requires hard copy backups of any email that could conceivably be part of the "public record," but it appears that no one involved followed that rule. The rash of coincidental crashes only adds to the negative perception.

The IRS -- and the government -- demands so much from its citizens with pages and pages of federal regulations but it can't even be bothered to follow the few rules it sets for itself. Pathetic.

from the a-step-in-the-right-direction dept

For a few years now we've been covering a key software patent case, Alice v. CLS Bank, which was another chance to show that pure software patents shouldn't be granted. As you may recall, four years ago, the Supreme Court got to tackle the question of software patents in the Bilski case, but chose to punt instead, rejecting that particular patent, and arguing that the specific test that everyone relied on shouldn't be the only test -- but otherwise leaving a lot of confusion in its wake. It did help dump a few software patents, but left the wider question pretty open.

We had hoped that when the Supreme Court agreed to hear the Alice case it wouldn't miss another chance to actually add some clarity to what is and what is not patentable. It seemed like the perfect opportunity. As you may recall, the original appeals court (CAFC) ruling was a complete disaster, with 135 pages of different opinions -- with only one single paragraph having a majority view, rejecting the specific patent. But no one could agree on why or the larger questions.

It was as if CAFC were practically begging the Supreme Court to provide clarity and guidance.

Unfortunately, the Supreme Court didn't really do that. It technically "upheld" the CAFC ruling (that one paragraph) rejecting the patent (which basically covered a computerized escrow service) as unpatentable subject matter. It further makes clear that merely taking an abstract idea and doing it "on a computer" doesn't make it patentable. That's all good... But, while three Justices (Sotomayor, Ginsburg and Breyer) hoped the court would go further and basically say that business methods weren't patentable at all, the rest simply wouldn't go along with that, saying that "many computer-implemented claims are formally addressed to patent-eligible subject matter," but never giving any examples.

Instead, it notes that you can't get a patent if each step claimed in the patent "does no more than require a generic computer to perform generic computer functions." Except, uh, many people will point out that's all that software does. That's basically how software works, but the Justices don't seem to recognize that. So, it's a bit of a conundrum. The court says many software patents are perfectly good because they apply to patent-eligible subject matter, but that if the claims do no more than require a generic computer to perform generic computer functions, it's not patentable. You could read that to mean that basically most software patents are no longer allowed, but... that's going to involve an awful lot of wasted litigation to teach a bunch of courts, including the Supreme Court, that basically all software involves generic computer functions.

Part of the problem is that, like many non-technical people, many of the Justice seems to think that software is a lot more than it really is. They seem to think that there's some magic in software that goes beyond just a bunch of instructions for a computer to follow. So, now they're saying that just taking some ideas and telling a computer to follow instructions to implement that idea is not patentable... but they still argue that there's plenty of software that is patentable. So it's... still really punting on the issue, in part because the Justices don't seem to understand software.

The court relies a lot on two other big recent rulings which we've covered -- the Mayo ruling that rejected medical diagnostic patents and the Myriad Genetics ruling that struck down gene patents, but doesn't quite go as far with software and business method patents. Instead, it sorta half rejects software patents, kinda, without going as far as it needs to go. As some folks are pointing out, the language used in the ruling is "going to tie folks in knots" as they try to figure out what it means.

In the long run, this may be a very important ruling. It's easy to read this ruling to basically reject a very large number of software patents. But, because of the unfortunately all-too-common nature of the Supreme Court semi-punting on clear decisions on this particular issue, it's not entirely clear where this ends up, meaning that there's going to be a lot of patent litigation citing this ruling, with both sides seeking to tap dance around the language choices. And that just means a few years down the road, it's quite likely that we'll be back here again, with the Supreme Court asked to decide, once again, whether or not software and business methods are really patentable.

from the pushing-the-edges dept

With all of the current arguing over net neutrality lately, it's important to recognize that the people who actually supply your internet access have pretty much already figured out ways to get around anything the FCC is currently talking about. As we've discussed, Comcast (and others) recently realized that they can get the exact same solution (fast lanes and slow lanes, and getting big internet services to double pay for the bandwidth you already bought) by focusing on interconnection issues and purposely letting their ports get clogged. Separately, AT&T and Verizon are increasingly putting their focus on wireless over DSL/fiber anyway -- in part because they know that the original (now rejected by the courts) open internet rules and any new FCC rules don't apply to wireless networks.

AT&T has exploited this with its sponsored data efforts, in which service providers can pay AT&T so that their data doesn't apply towards the ridiculously low data caps they've placed on their mobile broadband offerings. T-Mobile has now done something similar, though it's not quite as nefarious. It's offering a program called Music Freedom, in which certain music streaming services (which can certainly eat up some bandwidth) don't count against the data cap. Now, unlike AT&T's sponsored data program, at least T-Mobile isn't charging the music services to be on the list -- but it is still a limited list of participants. T-Mobile is letting its users "vote" on other services to be exempted from the data cap limits.

Here's the nefarious bit about all of this: this is all promoted and spun as being for the consumer's benefit. And, in a way, it is. You get to listen to music streaming on your phone without any concern about it eating up your data cap. Consumers win! Except... not really. Think through the details here: consumers are "winning" only because some pre-selected services are being granted an exemption from the ridiculously low caps set by the mobile operators themselves. Now you see the problem? It's the mobile operator "saving" the consumer from the artificial limits the mobile operators themselves set up. And then the mobile operators themselves get to "pick" the winning services (T-Mobile) or see who will pay the most to be the winner (AT&T).

Saving a child from a burning building makes you a hero. Setting fire to the building to then save the child? Not so much.

And that's where the big problem lies. When the company that provides you access to the internet has the ability to pick the winners and losers for service providers, a key part of what makes the internet so powerful and useful... goes away. That they're spinning this as being for the consumer is particularly problematic. Down in Chile, they seem to recognize this. Just a few days ago, we wrote about how Chile has found that this kind of thing violates its net neutrality rules by giving preferential treatment. In that case, the issue may seem even trickier, because it banned so-called "zero-rated" social media apps. In many places where mobile data is paid for on a rate basis, Facebook (especially) and others have been able to better penetrate those markets by paying the local mobile operators for their users' access to those apps. On the one hand that seems great, as it offers up these services to users for free when otherwise they'd have to pay. But it also locks in the big companies with the money to pay.

Either way, what the T-Mobile program (especially) shows is that it is clearly artificially setting up very low data caps for no good reason. By offering Music Freedom, it is flat out admitting that the low data caps are not necessary because of any traffic issues, because it can easily handle much more data (for free, even). T-Mobile could have just said any music streaming service is automatically included -- but instead it chose to pick winners and losers -- meaning that consumers (and less popular or new music services) lose. That's a big problem. There are plenty of reasons why various internet services may succeed or fail, but adding in the end user's internet access provider/mobile operator to the equation just puts up another (very large) hurdle.

from the because-that's-how-politics-work dept

Hillary Clinton is, of course, making her big Presidential campaign book tour, commenting on all sorts of big issues, as she gears up for the real campaign. It's causing some controversy, of course, including her wacky, angry response to Fresh Air host Terry Gross simply asking if she had changed her opinion on gay marriage (Clinton refused to directly answer the question, and when Gross called her on that, Clinton accused her of trying to claim she changed her opinion for political reasons, even though that was pretty clearly not Gross' intent). However, in that same interview, Clinton also took some ridiculous and uninformed shots at Ed Snowden. After Gross pointed out that Clinton's husband, former President Bill Clinton, had called Snowden an "imperfect messenger" but also suggesting that perhaps the national security state has gone too far, Hillary said:

Well, I usually agree with my husband, but let me say on this point that there were many ways to start this conversation. And in fact, the conversation was starting. Members of Congress - a few notable examples like Senator Wyden and Senator Udall and others - were beginning to raise issues that it was time for us to take a hard look at all of the laws that have been passed and how they were implemented since 9/11.

The president was addressing this. In fact, he had given a speech that basically made that point shortly before these disclosures were made. And of course, I think it's imperative that in our political system, in our society at large, we have these debates. So I welcome the conversation. But I think that he was not only an imperfect messenger, but he was a messenger who could have chosen other ways to raise the very specific issues about the impact on Americans. But that's not all he did.

Of course, this is misleading to wrong. Lots of defenders of the President on surveillance like to point to his speech at the National Defense University a couple weeks before the first Snowden revelation, but that speech did not address the issues now being discussed at all. It mostly focuses on fighting overseas, and actually (a few times) praises the work of the intelligence community and how useful that's been. That was not starting any sort of real debate. As for Wyden and Udall -- they'd been making these points for years and having them virtually ignored by most, in both the press and among their colleagues (we wrote about it, but we don't count).

There were other ways that Mr. Snowden could have expressed his concerns, by reaching out to some of the senators or other members of Congress or journalists in order to convey his questions about the implementation of the laws surrounding the collection of information concerning Americans' calls and emails. I think everyone would have applauded that because it would have added to the debate that was already started. Instead, he left the country - first to China, then to Russia - taking with him a huge amount of information about how we track the Chinese military's investments and testing of military equipment, how we monitor the communications between al-Qaida operatives. Just two examples.

Except, of course, the failure of Wyden and Udall's claims to get any attention made it quite clear that reaching out to Senators wouldn't help. And he did reach out to journalists. But, of course, Clinton's former boss has also been using the Espionage Act against leakers and journalists at an astounding rate. If Obama hadn't been doing so, perhaps Snowden would have been more comfortable just sharing a few documents. However, knowing that there was a good chance he was about to disappear for life, it makes sense that Snowden handed over the whole pile of documents to Greenwald and Poitras. And, yes, this is one of the consequences of Obama's use of the Espionage Act. It encourages leakers to leak big while they can.

If Clinton honestly thinks everyone would have "applauded... because it would have added to the debate," she is either clueless about how people have responded to various similar (less explosive) leaks, or trying to rewrite history in her favor.

And the whole "go to China and Russia" bit is tired, old and misleading. As is the suggestion that he took any of that info to Russia. That's been debunked in the past, no need to do so again.

"Laws that were passed after 9/11 gave the executive very broad authority ... what has happened is that people have said, OK, the emergency is over and we want to get back to regular order," she said.

"It's a really difficult balancing act, but you are absolutely right that we need to make some changes to secure that constitutional right to privacy that Americans are due."

Wait, what? If it weren't for Snowden, we wouldn't even be having the debate about the PATRIOT Act, and there wouldn't be a discussion about "the emergency is over." Hell, to hear Keith Alexander talk about it, the "threat" is bigger now than ever before. Because fear is the key.

Separately, notice that Clinton doesn't actually back any real proposal for reform, but just sorta dances around the idea that maybe reform is good. It's the ultimate in political nothingness. Stake out a bunch of vague positions without anything concrete that can come back to haunt you later, and do it all while bizarrely attacking the guy who made the issue an issue in the first place. And people wonder why the public is so cynical about politicians.

from the not-even-a-wrist-slap dept

The federal government doesn't want local law enforcement agents turning over cell tower spoofer documents. It has spent a great deal of time behind the scenes advising the agencies to withhold information from requesters, citing "security" and the fear of disclosing "methods" in defense of its actions.

In Sarasota, FL, it took a more overt route, sending US Marshals to seize responsive Stingray documents from the local police department. This time, it claimed it had "deputized" a department detective, making him part of a regional task force. As such, the records now "belonged" to the US Marshals Service and could not be turned over to the ACLU.

The ACLU responded to by filing an emergency injunction seeking to prevent US Marshals from confiscating any more SPD documents, as well as asking it to find that local law enforcement violated Freedom of Information law by handing over requested documents to the federal government.

When Sarasota Circuit Judge Charles E. Williams issued his order dismissing the lawsuit, there was nothing about this act by the federal government to essentially abscond with documents to prevent them from potentially becoming public. In fact, the judge did not hold an appropriate hearing on the evidence, even though [Michael] Barfield [ACLU of Florida] had wanted one to resolve key issues.

The ACLU is also “mystified” because Williams included in his latest order a statement that suggests the ACLU did not “challenge as a matter of fact to the representation of the United States government as to the status of Detective Jackson.”

Williams did order the government to turn over Stingray-related applications and orders that have already been filed under seal, but did not offer to lift that seal, meaning the ACLU will be returning to court to attempt to unseal the documents. But this doesn't mean Sarasota's Stingray documents will make their way into the public domain anytime soon.

[A]ccording to Barfield, the federal government “may not comply with the order. They did not seem to think the judge could order them to do anything and even implied they could “remove the case to federal court.”

Once again, we have to ask what's in these documents. The federal government is obviously going above and beyond to ensure the information stays out of the public's hands. Maybe it's just the government's collective paranoia over "means and methods" of surveillance. Or maybe it's something more egregious, like the 200+ times Tallahassee (FL) police deployed Stingray devices without a warrant. Either way, it sends a strong signal to the constituents that the only real right they have is the right to be surveilled.

You know all about "gamification" of course. The idea of adding "points" of some sort to just about everything, just to tap into people's competitive spirit so they have something to compare. Sometimes it includes things like being able to "level up" and unlocking features. The document in question is a document about some NSA training on the XKeyscore system, which, you'll recall, allows NSA analysts to pull up all sorts of info on people. Here's a screenshot we posted nearly a year ago:

The document has clearly been written by someone who is having quite a bit of fun, and references seven-headed dragons and Forrest Gump trolling for shrimp among other things. It includes bizarre "quotes" about how awesome XKeyscore is, as if it's a bad marketing brochure for some enterprise software:

"The first time I saw XKS, I said, 'Whoa!!' It is intimidating because you
open it up and you see all these queries and fields," said [REDACTED] "We took the
students from that response to being able to approach it and navigate around in it.
They see it differently now and know it's not a seven-headed dragon." This gentle
introduction has definitely enabled analysts to ease into XKS and get more
comfortable, and with that it has radically changed the overall mentality towards
the tool.

[....] Before the training, I was just happy to use it and not go to jail," said [REDACTED] .... "Now, I feel comfortable in my ability to use it and NOT go to jail. I used to always ask someone to look over my query before I submitted it. Now, my hand doesn't need to be held."

The document also talks about just how awesome XKeyscore is in that it comes up with results that other NSA systems can't turn up:

"Our analysts have been building hashes for document tracking and rolling them into fingerprints. We have been getting documents in XKS that we were not getting in our PINWALE queries. Just today analysts found reportable material from the Tunisian Ministry of Interior that was not from any selectors we were targeting. Now we know what we can do with XKS and exactly why we want to use it -- to make these discoveries.

These discoveries are igniting a trend of using XKS on a daily basis. "For daily pulls, analysts go through TransX, PINWALE, and now XKS to see what's new for the day," [REDACTED] said.

And then... we get to the gamification stuff, in which they discuss "XKS Skilz points." I'm not joking. XKS. Skilz. Points.

Combine these exciting finds with the introduction of XKS Skilz points, and you can see why McDonald's teamed up with Monopoly years ago: people buy more and even super size their orders just to get game pieces. With the brainchild of Skilz, where analysts can earn points and unlock achievements for performing tasks in XKS, people are willing to try new things within the tool. Analysts think to themselves, "Using the Prvot Data feature will earn 30 points... I'm going to try it and see what happens." Discovery! Points! We have been lured by our geeky desire to unlock achievements and earn points, and bragging rights are everything.

"Definitely a number of users have gotten into the Skilz points. We have several people at level six. They see what they need to do to earn more points and start trying out different things," said [REDACTED] In fact, ECC analysts now have the highest average of Skilz points compared to all of the S2 product lines and have written the most fingerprints per-capita! Some people say that the potent combination of Skilz points, the Circuit Training, and the team of easily-accessible, on-site instructors is the secret to ECC's successes with XKS.

It reads so crazy, I'm half hoping the NSA just comes out and admits that this is an internal April Fool's joke, but I fear that it may actually be serious. You can see that part on the bottom of page 3 in the embed below, or hell, here's a screenshot:

Gamification can be a potentially useful tool, but something seems kinda scary to think that the NSA is turning surveillance into a game where analysts get extra points and powers by doing more spying with the system. Just the fact that the document admits that they're using this to drudge up information that they can't find through their other systems and it's doubly concerning. Surveillance shouldn't be seen as a game by anyone.

A federal court on Friday dismissed an American Civil Liberties Union lawsuit on behalf of a U.S. citizen who was illegally detained and mistreated by American officials in three east African countries in 2007. After fleeing unrest in Somalia, New Jersey resident Amir Meshal was arrested, secretly imprisoned in inhumane conditions, and harshly interrogated by FBI agents over 30 times before ultimately being released without charge four months later.

The ACLU had argued that Meshal's Fourth and Fifth Amendment rights were violated by these FBI agents, but the court has found that there's no legal recourse available for Meshal. It even admitted that the allegations, along with the legal questions the decision itself raises, are "deeply troubling." Unfortunately, the district court finds itself unable to do anything more than dismiss the case.

The defendants have moved to dismiss his case, alleging that even if Mr. Meshal’s allegations are true, he has no right to hold federal officials personally liable for their roles in his detention by foreign governments on foreign soil.

Except that it wasn't just foreign governments. It also involved US FBI agents who operated extraterritorially, operating in an area where they had no true legal authority to pursue or detain suspects. Any imprisonment was courtesy of local governments in three East African nations. The alleged torture, however, was All-American.

Despite it being held that Americans are not stripped of their rights when they leave the country, the court finds that earlier precedent finds in favor of the government thanks to the always-useful evocation of "national security" and "terrorism." (The FBI agents believed Meshal was connected with al-Qaeda.)

[I]n the past two years, three federal courts of appeals, including the United States Court of Appeals for the District of Columbia Circuit, have expressly rejected a Bivens remedy for citizens who allege they have been mistreated, and even tortured, by the United States of America in the name of intelligence gathering, national security, or military affairs.

The decision notes that courts have been reluctant to insert themselves in matters of national security, either in terms of military detainment or actions resulting from executive orders. This court is no different, although Judge Emmet Sullivan at least has the modicum of decency to note how truly screwed up this whole situation is.

The facts alleged in this case and the legal questions presented are deeply troubling. Although Congress has legislated with respect to detainee rights, it has provided no civil remedies for U.S. citizens subject to the appalling mistreatment Mr. Meshal has alleged against officials of his own government. To deny him a judicial remedy under Bivens raises serious concerns about the separation of powers, the role of the judiciary, and whether our courts have the power to protect our own citizens from constitutional violations by our government when those violations occur abroad.

This is another win for the unsavory side of our government, which uses fear of terrorism as an excuse for all sorts of malfeasance and overreach. Rather than buck precedent, Judge Sullivan cites and follows, creating evenmore precedent that will make attempts to reverse this trend less and less likely.

As it stands now, the government need only claim it suspects you of terrorism to treat you however it wants once you leave the relative safety of the United States. No one is allowed to question actions performed under the color of national security. The State knows best and if you try to challenge its actions, you'll find that route has been blocked by bad precedent set in deference to executive branch FUD.

The ACLU completely understates its opinion of this ruling.

"It is a sad day for Mr. Meshal and for all Americans, who have a right to expect better of their government and their courts than immunity for terrible government misconduct."

Oh, we certainly have the right to expect better. We just don't have any way of demanding it. That decision currently lies in the hands of legislators, a group that has also shown an appalling tendency to defer to national security fearmongering. Judge Sullivan knows this is terribly wrong but can't find a way to get out from under bad precedent. Here's hoping judges in the future can do better.

from the is-the-'safe-harbor'-safe? dept

Back in 2011, we wrote about an Austrian citizen, Max Schrems, who asked Facebook to send all of the personal data that it held on him -- and received a CD-ROM with some 800 pages of it. Schrems and his organization, Europe v Facebook (EvF), are now trying to find out whether the so-called "Safe Harbor" framework, which allows US companies to transfer personal data out of Europe if they promise to provide certain levels of data protection, is now void in the light of Edward Snowden's revelations of the complicity of US computer companies in NSA spying through the PRISM system.

Hogan disagreed that Schrems was a vexatious complainer, saying that in the wake of Edward Snowden's NSA revelations his concern was justified. He also said that, although Schrems clearly had no definitive evidence that the principles of the Safe Harbor agreement were being violated, he was "nonetheless certainly entitled to object to a state of affairs where his data are transferred to a jurisdiction which, to all intents and purposes, appears to provide only a limited protection against any interference with that private data by the U.S. security authorities."

Because the questions raised by Schrems and EvF are so far-reaching for the whole of the European Union, Hogan referred the case to Europe's highest court, the EU Court of Justice (EUCJ), posing the following questions:

Is the [Irish data protection] watchdog "absolutely bound" by the European Commission's view 14 years ago that the U.S. adequately protects personal data, or "alternatively, may the office holder conduct his or her own investigation on the matter in the light of factual developments in the meantime since that Commission Decision was first published?"

Although the EUCJ is not being asked directly to consider Snowden's revelations about the NSA surveillance of Europeans through PRISM and other programs, and whether that spying undermines the entire Safe Harbor agreement, it seems inevitable that the court will need to address those issues in coming to its decision. As we've reported before, there are already calls from the European Parliament to suspend the Safe Harbor scheme -- something that would be pretty disastrous for US computer companies operating in Europe. At the very least, this latest development will add to the pressure there to revise the framework to address its manifest weaknesses.